From: SeongJae Park <sj@kernel.org>
To: sashiko-bot@kernel.org
Cc: SeongJae Park <sj@kernel.org>, damon@lists.linux.dev
Subject: Re: [RFC PATCH v1.1 02/14] mm/damon/core: do not use region out of a loop in damon_set_regions()
Date: Wed, 20 May 2026 23:05:22 -0700 [thread overview]
Message-ID: <20260521060523.80684-1-sj@kernel.org> (raw)
In-Reply-To: <20260521041949.9E5AF1F000E9@smtp.kernel.org>
On Thu, 21 May 2026 04:19:49 +0000 sashiko-bot@kernel.org wrote:
> Thank you for your contribution! Sashiko AI review found 1 potential issue(s) to consider:
>
> Pre-existing issues:
> - [High] Integer overflow in ALIGN() can result in region with ar.end = 0
> --
>
> commit d65dcd33c6063ed27bd90da3803c482628ebbc88
> Author: SeongJae Park <sj@kernel.org>
>
> mm/damon/core: do not use region out of a loop in damon_set_regions()
>
> This commit cleans up damon_set_regions() to explicitly track if a region
> should be inserted before another, avoiding reliance on undocumented
> iterator behavior. No behavioral changes are intended.
>
> > diff --git a/mm/damon/core.c b/mm/damon/core.c
> > index d0bdf6e01dff8..669fd13776ea2 100644
> > --- a/mm/damon/core.c
> > +++ b/mm/damon/core.c
>
> [ ... ]
>
> > @@ -394,7 +397,11 @@ int damon_set_regions(struct damon_target *t, struct damon_addr_range *ranges,
> > ALIGN(range->end, min_region_sz));
>
> [Severity: High]
> This is a pre-existing issue,
So, no blocker of this series.
> but can this ALIGN() macro overflow if
> userspace provides ULONG_MAX as the region end via the sysfs interface?
It is technically possible. But what sane user would use such input?
>
> If range->end is ULONG_MAX and min_region_sz is 4096, the ALIGN() macro
> would evaluate to 0, resulting in a region where ar.end is 0.
And it will trigger WARN_ONCE() on multiple verification points in
CONFIG_DAMON_DEBUG_SANITY enabled kernels.
>
> When damon_sz_region() subsequently calculates the size using
> r->ar.end - r->ar.start, the unsigned arithmetic would underflow to a
> massive size.
>
> This could cause the while (damon_sz_region(r) > max_region_sz) loop in
> damon_apply_min_nr_regions() to iterate nearly endlessly, allocating new
> regions until memory is exhausted.
If there is a region having end address equal to or smaller than the start
address, I think not only damon_apply_min_nr_regions() but multiple logics in
DAMON will behave crazily. But, as I mentioned at the beginning, it is unclear
if it is a sane user input that deserve to be supported. Of course I might
missing something, but I will revisit this if the first question is answered by
someone.
Thanks,
SJ
[...]
next prev parent reply other threads:[~2026-05-21 6:05 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-21 3:53 [RFC PATCH v1.1 00/14] mm/damon: minor improvements for code readability and tests SeongJae Park
2026-05-21 3:53 ` [RFC PATCH v1.1 01/14] mm/damon/core: safely handle no region case in damon_set_regions() SeongJae Park
2026-05-21 3:53 ` [RFC PATCH v1.1 02/14] mm/damon/core: do not use region out of a loop " SeongJae Park
2026-05-21 4:19 ` sashiko-bot
2026-05-21 6:05 ` SeongJae Park [this message]
2026-05-21 3:53 ` [RFC PATCH v1.1 03/14] samples/damon/mtier: replace damon_add_region() with damon_set_regions() SeongJae Park
2026-05-21 3:53 ` [RFC PATCH v1.1 04/14] mm/damon/tests/vaddr-kunit: " SeongJae Park
2026-05-21 4:05 ` sashiko-bot
2026-05-21 5:24 ` SeongJae Park
2026-05-21 3:53 ` [RFC PATCH v1.1 05/14] mm/damon/core: hide damon_add_region() SeongJae Park
2026-05-21 3:53 ` [RFC PATCH v1.1 06/14] mm/damon/core: hide damon_insert_region() SeongJae Park
2026-05-21 3:53 ` [RFC PATCH v1.1 07/14] mm/damon/core: hide damon_destroy_region() SeongJae Park
2026-05-21 3:53 ` [RFC PATCH v1.1 08/14] mm/damon/core: add kdamond_call() debug_sanity check SeongJae Park
2026-05-21 3:53 ` [RFC PATCH v1.1 09/14] mm/damon/core: remove damon_verify_nr_regions() SeongJae Park
2026-05-21 3:53 ` [RFC PATCH v1.1 10/14] mm/damon/tests/core-kunit: add damon_set_regions() test cases SeongJae Park
2026-05-21 3:53 ` [RFC PATCH v1.1 11/14] selftests/damon/sysfs.py: stop kdamonds before failing SeongJae Park
2026-05-21 3:53 ` [RFC PATCH v1.1 12/14] selftests/damon/sysfs.sh: test monitoring intervals goal dir SeongJae Park
2026-05-21 3:53 ` [RFC PATCH v1.1 13/14] selftests/damon/sysfs.sh: test addr_unit file existence SeongJae Park
2026-05-21 3:53 ` [RFC PATCH v1.1 14/14] selftests/damon/sysfs.sh: test pause " SeongJae Park
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260521060523.80684-1-sj@kernel.org \
--to=sj@kernel.org \
--cc=damon@lists.linux.dev \
--cc=sashiko-bot@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox